Links to safelinks.protection.outlook.com

[rrohbeck]

Our company just moved to Office365. As a result emails with links to internal websites now contain something like https://na01.safelinks.protection.outlo ... ow_bug.cgi...

Those don't work with NoScript enabled (I end up with an empty page with the full safelinks address in the address bar and no NoScript notifications.) outlook.com, office.com and office365.com are all whitelisted. There's a flurry of messages in the status bar (redirections, TLS handshakes) but they change too fast to read them all. How can I troubleshoot this? Are there any logs?
This is with Firefox 55 on Debian stretch FWIW.

[barbaz]

What version of NoScript?

When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

[rrohbeck]

This is with NoScript 5.0.6.

Ah! In the browser console I see

Code: Select all

[ABE] < LOCAL> Deny on {GET http://corpsite.corp.com/... <<< https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcorpsite.corp.com%2F...%3D&reserved=0, https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcorpsite.corp.com%2F...%3D&reserved=0, chrome://browser/content/browser.xul - 1}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

How can I fix that? I never understood ABE and how to configure it.

[barbaz]

NoScript Options > Advanced > ABE > SYSTEM, add *at the very top*

Code: Select all

Site corpsite.corp.com bugzilla.mycompany.com
Accept GET from ^https://(?:[^/:]+\.)?safelinks\.protection\.outlook\.com/\?

[Thrawn]

Er...why the Bugzilla reference?

[barbaz]

Er...why the Bugzilla reference?

Re-read the OP

[Thrawn]

Re-read the OP

Ah, didn't see it in that link until I hovered.